SonicWall Products Multiple Vulnerabilities

Release Date: 2 May 2025

RISK: High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in SonicWall Products. A remote attacker could exploit these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

 

Note:

CVE-2023-44221 is being exploited in the wild. This vulnerability allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user in SonicWall SMA100 appliances. Hence, the risk level is rated as High Risk.

 

---

Impact

• Remote Code Execution
• Security Restriction Bypass

---

System / Technologies affected

• SonicWall SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) 10.2.1.9-57sv and earlier versions.

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.sonicwall.com/support/notices/sonicwall-ssl-vpn-sma100-version-10-x-is-affected-by-multiple-vulnerabilities/231127094418307

---

Vulnerability Identifier

• CVE-2023-5970
• CVE-2023-44221

---

Source

• SonicWall

---

Related Link

• https://www.sonicwall.com/support/notices/sonicwall-ssl-vpn-sma100-version-10-x-is-affected-by-multiple-vulnerabilities/231127094418307
• https://www.cisa.gov/news-events/alerts/2025/05/01/cisa-adds-two-known-exploited-vulnerabilities-catalog